Dega704 sends this news from ComputerWorld:
"Some financial services companies are looking to migrate their ATM fleets from Windows to Linux in a bid to have better control over hardware and software upgrade cycles. Pushing them in that direction apparently is Microsoft's decision to end support for Windows XP on April 8, said David Tente, executive director, USA, of the ATM Industry Association. 'There is some heartburn in the industry' over Microsoft's end-of-support decision, Tente said. ATM operators would like to be able to synchronize their hardware and software upgrade cycles. But that's hard to do with Microsoft dictating the software upgrade timetable. As a result, 'some are looking at the possibility of using a non-Microsoft operating system to synch up their hardware and software upgrades,' Tente said."

I've seen XP on some ATMs, not XPe, although it does get annoying when an ATM is down due to an XP activation screen.

The ATM industry needs to stop being penny-wise and pound-foolish.

Instead, they need to design their platform once, do it right, then as time goes on, add a UI refresh every so often so the cute cartoon characters get a facelift every year or two.

Were it up to me with ATM design, I'd probably charge off a quarter profit to do the architecture right, then once done, pretty much coast from there.

First, I'd give a lot of consideration to QNX. ATMs are not really needing an RTOS, but QNX has an excellent reputation for security (with decent government certifications to back that). From there, add a TPM chip, userland, and the application. Done right, someone plugging in an unauthorized USB flash drive won't be able to do as much, compared to XP with AutoPlay/AutoRun turned on.

Linux is also a good choice. One could go with a full userland or an Android style userland, both with SELinux to minimize damage. Linux may not have the C2 cert that QNX does, but it will hold its own in security, if done right.

> Oh if only Microsoft had given them more than like 10 years notice of end-of-support, they might have had time to prepare....

I've been in shops where the key mission critical app was 30 years old. All of the shiny new MBAs would come in and try and replace that thing with newer tech but would ultimately fail. The 30 year old product did the job and the shiny new things couldn't.

ATMs are such a key part of their business that it really makes no sense for them to not be in total control.

Linux allows that.

Although they should have used a more industrial product to begin with. The choice really shouldn't be between Linux and Microsoft. There should be better targeted options and the market should have allowed those to thrive.

> Although they should have used a more industrial product to begin with.

This can be hard in practice. Vendors of niche products often only support Windows. Even if they support other OSes, you end up being the beta tester since the code is not as widely used. We ended up using XP embedded years ago because, of all things, USB memory stick compatibility. We tried to use Wind River's drivers, Linux drivers (years ago), and even Windows CE - but XP was the only solution that worked with almost every stick out there. When we used Wind River's solution, we had to maintain a compatibility list. But this effort was impossible once they started to explode in popularity. We of course sold compatible sticks to use with our equipment, but this was not popular with our customers and our competitors used Windows, so we were at a disadvantage.

They originally chose XP because it had a much lower cost of entry than anything else, and I'm not saying that as a Linux hater - yes, you do get the source to do with as you may, but that means hiring developers who know how to do something with that rather than just hiring VB developers. Low start up costs versus less control over your long term environment. But that wasn't an immediate problem when the EOL date was a decade off.

Now, a decade on, there's plenty of Linux developers for them to hire. Back then, there weren't as many. And due to economic factors, they will work for peanuts. Sounds like they're reaping what they sowed all right, and it was a good working decision for them to make.

Really? I'd heard they chose XP because they wanted to be able to run Flash on the ATMs. As stupid as that sounds, many ATMs play advertisements (generally for the bank in question) of some sort and Flash was the popular delivery platform. Since the ATM vendors had control over the content it presented no security risk, but they did require a supported platform.

I suspect ATMs straddle the line between being too sophisticated and varied to lend themselves to a simplistic embedded system, and too niche a product to be cost effective to develop a specialized OS from the ground up. Windows gave them something that got the job done more cheaply than a custom-built OS. Now that Linux has gone mainstream it does open the door to a specialized OS since it need not be built from the ground up - adding and removing modules typically involves *far* less effort, especially when there are numerous variations of stripped-down specialty distros to start from.

> ATMs are such a key part of their business that it really makes no sense for them to not be in total control.
>
> Linux allows that.

Banks aren't in the business of manufacturing ATM machines, they buy them.

It makes perfect sense for ATM vendors to partner with Microsoft for the OS. They really don't want to be in the business of writing an operating system when they can buy one off the shelf.

The only real issue is that an ATM is pretty expensive; they're designed to have a useful life of about ten years. Banks don't want to scrap probably hundreds of millions' of dollars worth of good working equipment, so they lean on Microsoft to con

I don't see where Linux would be that much of a better benefit for ATMs since its lifecycle is typically short as well.

XP is kind of an enigma for MS, since they supported it far longer than most of their OSes (I think Windows NT and maybe DOS had a longer support cycle). Lifecycle was one of the reasons OS/2 survived so long, since IBM supported it for 10 years.

In the Linux world, the longest LTS distro support I've seen is 5 years. Sure you can upgrade Linux easier than Windows in many cases but you may sti

You aren't thinking like a hardware manufacturer. Using XP on all of their hardware - new and old - enabled them to support all hardware with one code base. Switching to the newest version of Windows at any stage makes support more complicated. Maybe it wouldn't matter for some embedded devices, but you need to keep ATMs up to date for security reasons. So sure, the 10-year-old ATMs you can just write off and call obsolete. But what about those sold 5 years ago? Last year? Your choices are to sell your cust

There is no reason to write-off 10 year old ATMs. They are likely in good working order, and you can get spare parts. You do not throw away a 10 year old plane or helicopter either. These devices are more like elevators: Keep them in good order, and they will serve you well for a few decades. The only problem is that the people that selected the OS had no understanding at all what kind of device they were designing for.

Now, with an (embedded) Linux, they can back-port security fixes (or have them back-porte

These are not computers, these are devices. They run forever as they are a bit more expensive and a bit better built than "consumer" trash. Of course, sticking anything from MS in there is pure stupidity, but it seems they are learning that lesson now.

I don't even get why they'd switch to Linux. Something like QNX or VxWorks (I'm sure people will chime in with other/better examples) would make much more sense for something as simple as a bank machine. A bank machine has to do very little. Why would something as complex as Windows or Linux be used?

> I don't even get why they'd switch to Linux. Something like QNX or VxWorks (I'm sure people will chime in with other/better examples) would make much more sense for something as simple as a bank machine. A bank machine has to do very little. Why would something as complex as Windows or Linux be used?

Because of developer tools. The software on ATMs isn't static - it changes often enough to be annoying as new banking requirements come up - new language support, accessibility, currency handling, etc.

The ATM hardware basically is static, but the software it runs on is customized for the bank and for the purpose the bank is using it for.

Embedded OS tools generally are quite awful and hard to set up. But desktop tools are easier to use - just point a developer at Visual Studio, the source repo and they can get building that afternoon. And with a few peripherals, they can even emulate the ATM hardware right on their desktop without having to have the ATM beside them, transfer the code and assets over, etc.

Anyhow, it's not like banks didn't have a lot of notice - way back in the Windows 7 days Microsoft had already announced end of support (this was over 5 years ago). They reiterated it several times since then. The fact that support was ending next month has been known for years.

Problem is, most companies see it as "far off" and too far away to bother, ignoring the fact that migrating can take years. Just because you were told in 2009 that XP was going away in April 2014, means most companies will ignore it until the last minute. It's so bad that Microsoft is getting requests to extend XP support another year. (And most of those are from people who did NOT need more than 5 years to migrate - they just ignored it until they had the "oh shit it's only 6 months away!" moment).

It's been going on for years now - the banks have had more than ample opportunity to prepare.

XP embedded was the OS of choice after OS/2. Turns out the bankers wanted to know why, if they're paying the same price, they're not getting XP Pro. It's really that simple.

It was never a question of "can we install Linux or Windows 7 or BeOS" - it's basic Intel hardware.

The reason XP is still on the ATMs and not Win7 is due to the banking industry and PCI regulations - it costs hundreds of thousands of dollars to make a simple change to the ATM and get it certified by the banking industry and prove that

Keeping costs low, and easing application development. At the time, PCs were a lot cheaper than custom embedded systems, and there's lots of room in an ATM for a PC. As well, PCs are standardized, so if one supplier goes tits up you just start getting your supplies from someone else, in the same form factor but with potentially completely different hardware, and yet your software still works. If you're Diebold in the 1980s and you're trying to keep development costs down, the PC is the only logical solution

Didn't RTFM, but does it actually say that the ATM vendors are being driven off XP? It could well be simply that they can see the writing on the wall, realizing that embedded XP's days are numbered, and are actually doing the intelligent, forward-looking thing by considering Linux as a more long-term solution than whatever the MS-recommended upgrade path from embedded XP is.

No. The ATMs in question are running XP Pro, not Embedded. The same thing is happening in the UK, where banks are paying Microsoft hundreds of millions of dollars for extended support contracts (link [digitaltrends.com]), just to keep releasing patches every now and then. This wouldn't be the case if the machines were on XP Embedded.

It was, before the ADA required banks to replace any ATM that could not handle audio integration. That was about 2-3 years ago. OS/2 typically could not handle the hardware upgrade necessary for the required audio. The banking industry paid millions, maybe billions, to upgrade tens of thousands of ATMs. Diebold, NCR and Hyosung made out like bandits.

ADA was only one reason. The main reason was OS/2 was EOL and they couldn't really do anything with it.
You haven't truly loathed an OS until you waited an hour for an ATM to boot, only to find out the next config change would require another reboot... and you had 5 more config changes to make.

I guess I'm missing the difference. Linux distros and kernels do indeed go EOL. When that happens there are no more security updates and backporting right? Well how is that different than what MS is doing right now with XP? In either case they will still have to face the fact that the OS isn't going to be supported anymore and will require them to upgrade software.

Or are they thinking they will go it alone and continue to update their Linux distro/kernel just because it is open source? Do they really think they are qualified to do that? Or is the hope that they can spend money to keep the OS in long-term-support status?

> Or are they thinking they will go it alone and continue to update their Linux distro/kernel just because it is open source? Do they really think they are qualified to do that? Or is the hope that they can spend money to keep the OS in long-term-support status?

That is not as hard as it sounds. There's already tons of mission critical in-house applications in banks, some of them probably quite a lot more complex than an OS with some drivers and an application on top of it...

It all smacks of very very poor planning on the case of the ATM vendors, and they have to find someone other than themselves to blame - after all, they've ignored the issue for 7 years, which is how long we have known about the EOL date for XP, so where has the forward planning been in the interim period?

So they eschew Microsoft's replacement because doing so supports their laying of blame on them, they have little other option than outright admitting their own failure.

Since the code is free you can just buy support from any IT company who offers it. You are not forced to buy it from the original manufacturer. So with Linux - you can basically get eternal support if you want it.

The truth is if Microsoft sold it off they could probably get very good payment from other companies that would love to take over support and upgrades of Windows XP.

Microsoft is killing the business to be able to force the customers to downgrade to their new operating systems.

You are missing the difference. Linux is open-source, and not under the control of any one vendor. Distros go EOL, kernels basically do not; you can always upgrade to a newer kernel, and you're not going to break anything in the process. So if you're an ATM maker and you roll your own Linux distro, it's pretty trivial for you to just keep upgrading to the latest (stable, not bleeding-edge) kernel. Or, if you prefer to have a vendor do your OS work for you, your vendor (like Wind River, Timesys, etc.) can do that too. So basically "yes" to your second paragraph, first sentence. If they're not qualified, they can outsource it to one of the many commercial Linux companies. And if they get sick of their chosen vendor, they can easily switch to a different vendor, or move it in-house; these are options that aren't present with MS.

> you can always upgrade to a newer kernel, and you're not going to break anything in the process.

This is just wrong. Threading and libc compatibility isn't transferable between 2.4 and 2.6. There are innumerable 2.4 applications which will flat out not run on a 2.6 system. The same goes between 2.2 and 2.4. And 2.0 and 2.2.

I have worked in an IT department where we were getting slammed every few years with huge upgrade crunches. These were on desktop PCs, not ATMs, so I don't know how closely our problems mirrored those of banks, but for us it was all of the in-house software that had to be tested and upgraded to work with Microsoft changes.

We had a hardware maintenance contract, so every few years, like it or not, we would get new PCs that had Microsoft's newest OS. It's not as easy as just dropping new PCs on everyone's desks.

The same software runs with very old and very new kernels and libraries. If you used a bit of restraint, you can run 25 years old UNIX GUI code (no Linux back then) on a modern Linux with a simple recompile. And, unlike MS trash, Linux basically only crashes on driver and hardware problems, and the vendor has full control on what drivers to include and which not. They can also compile all the needed drivers statically into the kernel, greatly decreasing installation complexity.

It still costs a shitload of money to change platforms for an established product - especially since Win7/8/... are quite different with regards to file structure, user management, security, etc. And by now most security holes have been closed in their version of XP.
Well, now that they switch to something open, M$ won't be able to pull another XP on them :-)

"Pulling an XP"... is that some kind of euphemism for supporting a product long past industry standards for free? Funny you use the little $ in "MS", seeing as that they haven't asked me for a single cent for updates to my XP box since 2001.

This is not just about support, but also about availability and continuity. The fact that YOU did not have to pay a cent means nothing when compared to companies that licenced millions of copies of XP (>2.000.000 ATMs) and that soon will have to switch to another product for replacing old and/or broken machines.
By industry standards, Microsoft is an unreliable player!

Windows based ATM machines are almost certainly running on XP Embedded, rather than the retail version of XP... support for Embedded doesn't end until January 2016. Thus, if the financial industry is moving away from XP to Linux, it isn't necessarily related to Microsoft's XP support schedules.

XP Embedded 2009 is supported until 2019. I have POSReady 2009 installed in a VM to see if it gets updates post April. Wouldn't be surprised if folks figure out a way to get the patches working on retail XP.

Why an ATM was hosted on XP in the first place is beyond me. I suppose you dance with the one who brought you and banks are solidly Windows shops, but using XP for a device where security and reliability is paramount seems like a bad choice, at least in hindsight. I suppose in the depths of the XP heyday, when the base design decisions were being made, Linux was a decidedly hit and miss affair (mostly miss). X support was spotty and other devices had limited support. I remember the heady days of installing Slackware and configuring video card and monitor by editing that text file. XP must have looked pretty good.

Now, ATM vendors are faced with having to port everything to newer versions of Windows, which forces them into more expensive hardware (faster CPUs, more memory, greater drive space, modern video hardware etc.). This in the face of being able to keep using the old proven hardware, put Linux on it and get another decade or two, not to mention control of your own destiny because the source code is available and free. You are going to pay to retool to Linux, but you get to step away from Microsoft license fees. It's a long term gain, short term loss.

Maybe they will make the right choice this time? Who are we kidding... You KNOW that Microsoft has pulled out all the stops on the Redmond FUD machine and would gladly cut some "deals" to keep these guys on the hook and make Linux look less desirable in terms of ROI.

Well cheap VB programmers instead of more expensive Linux developers was probably the main reason of using XP over Linux in the first place. However, the banks also have less control. Embedded XP is EOL in 2019, I think not 2014. In the best case scenario, there are a lot of ATMs that need to be upgraded in the next 5 years to the next Windows Embedded version. But like the PC industry, some older machines will not meet the requirements.

If Red Hat or any of the other well-known distros had a spin I could burn to a thumb-drive that was XP-user-friendly, I could show it off and expect what my company's receptionist once asked: "That looks nice, what version of Windows is this?"

A colleague had installed Linux on the reception PC, and left a yellow stick to tell the receptionists to ask me for the password.

That's the thing, though: for the most part the basic programming APIs haven't changed much since then. There's some new ones, but mostly code written for RHEL 2.1 will compile and run on Debian 7.4. The kernel will have been upgraded, the libraries and packages will have been upgraded, but the source code and makefiles and scripts will need minimal changes to make the jump. You won't be able to take advantage of the new features, but you won't be looking at nearly the work to migrate. Even widget sets are mostly backwards-compatible, and for an application like an ATM you can omit the desktop environment stuff that's undergone major changes over the years (why would an ATM need a desktop environment anyway, it's not like customers will be interacting with the ATM's desktop). Combine that with the ability to just not run services like Samba (Windows networking) and the like and you make it a lot easier to do support in-house as well, reducing the need to migrate in the first place.

You are assuming that companies will actually have access to the source of the applications they bought, even if they were written for them instead of some off the shelf software. And that's mostly the case even when they run Linux beneath. So all this does is to change the problem from "Microsoft won't support XP after 10 years" to "I sure hope Billy Bob's Software will still support (as in just recompile) my software for the next RHEL version."

Given the long notice on Windows XP end of life, why is this just being considered now? I would expect vendors to announce they have completed or have started their migration to a newer platform. And Linux is a very reasonable choice for this, and it was years ago. QNX and VxWorks were as well. It's not like Linux became a reasonable embedded OS just this year, but it seems like the companies are thinking that. "Oh, hey, maybe Linux isn't too bad after all." Weird.

This is just a bid to get bargain basement pricing on the next Microsoft OS. Threaten to move to Linux and the Microsoft Sales Droids will cut the licensing fee for whatever Windows you want down to an almost reasonable price.

Though without Ballmer, that's not the slam dunk prediction it used to be...

This is the perfect example of why gratis doesn't mean so much. The really important thing here is that the user or even the "integrator" can have complete control of the system. They don't have to worry about ANYONE else interfering with the degree of control they want and the features that they want to be active.

The people building the ATM are in total control. For a device like an ATM, that's really how it should be.

An important factor is modularity: You can have different kernels, different window-managers, even different system C libraries, etc. because all these interactions are standardized (well, except things produced by utter morons without any understanding of the UNIX philosophy like the systemd-cretins). That means you can fix things yourself, for example maintaining your own kernel without breaking anything in user-space or having your own drivers that you rarely need to adjust to kernel changes.

I'm sick of the "it's more secure" nonsense. It has the potential to be secured properly by the integrator, but that's it.

Aren't you basically contradicting yourself here? If it has the potential to be secured properly (and the alternative does not), then doesn't that make it more secure by definition?

To make a crappy car analogy, let's suppose I have two options for cars, and I want a car that's extremely safe (as in offers the best crash protection). Option 1 is a car that has freely-available design d

Well, no. If you're largely incompetent in the automotive-construction trade then you're liable to build some monstrosity that, while appearing safer, is quite possibly considerably less secure than option 2.

What option 1 really grants you is a wide range of vendors selling related cars with various different configurations, which can be rigorously compared in a largely apples-to-apples manner to find the one that best suits your needs. The ability to custom-design your car is nice, but probably foolish t

Well, that doesn't really answer the question. You also need the other half of the answer: that our culture has developed in a way that makes avoiding the services offered by the companies building and operating ATMs rather severely inconvenient.

Most businesses don't think that far ahead, at least when it comes to things which are not their core business...The idea that they would make their business dependent on software only available from a single vendor is equally staggering.

Really? Why? You don't think there's a good supply of programmers who know Linux out there from, oh, all the telecoms*? Or most of the stock trading companies? How about Fortune 500 companies that use some other version of Unix, like, say, Lowe's?* Or how about Android programmers? Or.... shall I go on?

Which company? The bank or the ATM builder? There are only so many ATM providers, I can only kind of blame banks. The ATM providers should pay for this. Banks should switch away from Diebold and the like that have used Windows XP for so long.

You can't 'tell them what you want'... they'll hand you back a slip and tell you to fill it out and sign it... which is what you do when you poke the buttons and enter your pin number at an ATM.

You're naive at best.

Banks are some of the most ruthlessly efficient organizations on the planet, by their very nature.

First off, those bored people behind the counters 'watching you fill out those ridiculous slips' aren't bored, I promise you they've been working ALL day, doing something the bank hasn't yet automated. Just because the counter is high and you can't see they've been counting night deposits doesn't mean they were just sitting back there rubbing one off.

Second, the slips are not so you can 'tell them', it's so the bank has a record of what YOU told them you were asking for or giving them, and BEFORE the transactions complete, they can reject it. If they accept it, they have, IN WRITING, what YOU requested from them, and how they filled it. They are protected against YOUR mistakes in transactions. The ATM does the EXACT same thing, but you just don't realize it's doing it. This is a matter OF LAW, not practice or fun. This kind of stuff goes right along with the regulations that let them put that nice little Insured by the FDIC sticker on the window.

Third, Awesome, you think because the bank has off loaded doing their job onto YOU and a machine, that people who use the old method, where the bank actually provides services... are the ones with a problem. And notice... those people have... money.

Irony: You think you're smarter because the bank is much more efficient at ripping you off than those stupid old people. Congratulations, there is an old dude sitting in an office, laughing his ass off about how you and the kind of ignorance you carry with you, filthy fucking rich.

ATMs are banks giving you less service and charging you for the privilege. You're an idiot. You kinds of guys are mind blowing to me. So excited about the new hotness not being 'old and busted' to notice that 'new hotness' is in fact, busted from the start and 'old and busted' got the job done better and cheaper.

Most countries, obviously including economically advanced and powerful Germany (where I live) also use ATMs (Geldautomaten). Here, the culture is still such that "cash is king". Other than supermarkets, huge chains like Ikea, H&M and McDonalds, there are very few places that you can use a debit/credit card to pay for goods and services. Asking "people still use cash?" is centered around a single first-world culture and in no way representative of the wider presence of ATMs.

All the banks just had to replace their ATMs with audio-capable ones because of the ADA, so now they get to replace them all over again because of XP being EOL. Why would the ATM vendors want to adopt Linux, when they can use MS EOL as a convenient excuse to get the banks to replace their ATMs yet again in the future?

Practically speaking, maybe the urge to update is being driven from the other end... i.e. the developer tools (on Windows) keep getting changed and updated, Windows application developers who specialize in yesteryear's Visual Studio get harder and harder to find, not to mention that the desktop environment they're targeting is now no longer running on the developers' own machines.

If your development team is having to jog to keep up with the constant change in the development tools I c

There are plenty of non-frivolous reasons why ATMs should be upgradeable. Banking is highly regulated, and if tomorrow the FDIC, the FRB, the OCC, or the CFPB made a rule about ATMs that could not be easily reconfigured for then an OS upgrade might be required to be in compliance. And it is unlikely that any sufficiently large organization has no security breaches on their internal network. A good defense in depth [wikipedia.org] strategy would almost certainly devote some resources to making sure that ATMs are secure, to